CVE-2016-0778

Name of the Vulnerable Software and Affected Versions OpenSSH versions 5.x through 7.x before 7.1p2

Description The issue is related to the roaming read and roaming write functions in OpenSSH, which do not properly maintain connection file descriptors when certain proxy and forward options are enabled. This can lead to a denial of service or possibly other impacts due to a heap-based buffer overflow. The vulnerability can be exploited by remote servers requesting many forwardings. It is also caused by improper bounds checking by the packet write wait() and ssh packet write wait() API functions when a ProxyCommand and either ForwardAgent or ForwardX11 are used.

Recommendations For OpenSSH versions 5.x through 7.x before 7.1p2, update to version 7.1p2 or later to resolve the issue. As a temporary workaround, consider disabling the roaming read and roaming write functions until a patch is available. Restrict access to the packet write wait() and ssh packet write wait() API functions to minimize the risk of exploitation. Avoid using the ProxyCommand option along with ForwardAgent or ForwardX11 in the affected API endpoints until the issue is resolved.